Netgear - Admin Credentials Disclosure & Remote Code Execution (CVE-2020-17409, CVE-2020-27866)
- Severity
- CVSSv3 Score
- 8.8
- Vulnerability description
The Netgear router is affected by a Credential Disclosure vulnerability located on the /setup.cgi endpoint. The root cause is insufficient input validation of the HTTP request, which allows remote unauthenticated attackers to request the plaintext admin user credentials from the mini_httpd service.
- Risk description
A remote unauthenticated attacker could use the obtained credentials to exploit the CVE-2020-27866 vulnerability, which grants Remote Code Execution capabilities by activating the debug mode that enables the telnet service on port 23. Using the leaked credentials, the attacker can access the target router remotely and obtain privileged, unrestricted access. This fully compromises the router, and the attacker is able to steal confidential information, install ransomware or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Consult the advisories provided by Netgear and install the latest non-vulnerable firmware.
- References
https://nvd.nist.gov/vuln/detail/CVE-2020-17409
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Oct 2020
- Published at
- Updated at
- Software Type
- Networking product
- Vendor
- Netgear
- Product
- Router